attribyte / pubsubhub

A server that implements the PubSubHubbub protocol.
2 stars 1 forks source link

Bump jetty-server from 9.4.19.v20190610 to 9.4.41.v20210516 #9

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 3 years ago

Bumps jetty-server from 9.4.19.v20190610 to 9.4.41.v20210516.

Release notes

Sourced from jetty-server's releases.

9.4.41.v20210516

Changelog

  • This release resolves CVE-2021-28169
  • #6099 Cipher preference may break SNI if certificates have different key types
  • #6186 Add Null Protection on Log / Logger
  • #6205 OpenIdAuthenticator may use incorrect redirect
  • #6208 HTTP/2 max local stream count exceeded
  • #6227 Better resolve race between AsyncListener.onTimeout and AsyncContext.dispatch
  • #6254 Total timeout not enforced for queued requests
  • #6263 Review URI encoding in ConcatServlet & WelcomeFilter
  • #6277 Better handle exceptions thrown from session destroy listener
  • #6280 Copy ServletHolder class/instance properly during startWebapp

9.4.40.v20210413

Notable Bug Fixes

Users of GzipHandler should upgrade. (#6168) Users of SSL/TLS on the jetty-server or jetty-client should upgrade. (#6082)

Changelog

  • #6168 - Improve handling of unconsumed content
  • #6148 - Jetty start.jar always reports jetty.tag.version as master
  • #6105 - HttpConnection.getBytesIn() incorrect for requests with chunked content
  • #6082 - SslConnection compacting

9.4.39.v20210325

Changelog

:warning: Important Security related Changes

Other Changes

  • #6034 - SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present
  • #6050 - Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer
  • #6052 - Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android
  • #6063 - Allow override of hazelcast version when using module
  • #6085 - Jetty keeps Sessions in use after "Duplicate valid session cookies" Message

9.4.38.v20210224

Changelog

  • #6001 - Ambiguous URI legacy compliance mode

... (truncated)

Commits
  • 98607f9 Updating to version 9.4.41.v20210516
  • 087f486 Issue #6277 Better handling of exceptions thrown in sessionDestroyed (#6278) ...
  • edcaf70 Copy ServletHolder class/instance properly during startWebapp (#6214)
  • 1c05b0b Fixes #6263 - Review URI encoding in ConcatServlet & WelcomeFilter.
  • 9cb9343 Issue #6205 - Fix serialization issues in OpenIdAuthenticator
  • 2e7f5eb Issue #6205 - Fix issues with OpenID redirecting to wrong URI (#6211)
  • 88ac104 Issue #6254 - Total timeout not enforced for queued requests.
  • da50e06 Fixes #6254 - Total timeout not enforced for queued requests.
  • 5f23689 Issue #6254 - Total timeout not enforced for queued requests.
  • 003c313 upgrade h2spec-maven-plugin 1.0.5 (#6247)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/attribyte/pubsubhub/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #12.